<?php
include_once('_path.php');

include_once(_ROOTPATH."backend/includes/init.php");

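// Handle a submitted login form: validate the fields, check the anti-CSRF
// token against the session copy, look the admin up, and on success populate
// the session and redirect to index.php.
if (_BACKEND_ACTION =='login') {

	// Accept only string values; a missing or array-valued field becomes ''
	// so it fails the "empty" validation instead of raising notices/errors.
	$name = (isset($_REQUEST['name']) && is_string($_REQUEST['name'])) ? trim($_REQUEST['name']) : '';
	$pwd = (isset($_REQUEST['pwd']) && is_string($_REQUEST['pwd'])) ? trim($_REQUEST['pwd']) : '';

	// string_sql() is used for every value interpolated into SQL below;
	// presumably it escapes and quotes the value - confirm in init.php.
	$quote['name'] = string_sql($name);
	// NOTE(review): unsalted MD5 is not a password hash. Kept because the
	// admin.pwd column is compared against md5() output here; migrating to
	// password_hash()/password_verify() needs a stored-hash upgrade path.
	$quote['pwd'] = string_sql(md5($pwd));

	$token = (isset($_REQUEST['token']) && is_string($_REQUEST['token'])) ? $_REQUEST['token'] : '';
	$session_token = (isset($_SESSION['token']) && is_string($_SESSION['token'])) ? $_SESSION['token'] : '';

	verify_field("name", "Name", "empty");
	verify_field("pwd", "Password", "empty");

	// The session token must exist and match in constant time. The previous
	// loose `==` comparison also passed when both sides were unset
	// (null == null), i.e. with no session token issued at all.
	// hash_equals() requires PHP 5.6+.
	$token_ok = ($session_token !== '' && hash_equals($session_token, $token));

	if (!count($error_strs) && $token_ok) {
		$rs = $database->queryFirst(sprintf("SELECT id, name FROM admin WHERE name=%s AND pwd =%s AND status = 0", $quote['name'], $quote['pwd']));
		// empty() tolerates a non-array result when no row matched.
		if(empty($rs['id'])){
			// NOTE(review): failed attempts are neither logged nor throttled
			// here; consider recording them via add_log() for detection.
			echo "<script>alert('Username OR Password Incorrect.')</script>";
		}else{
			// Issue a new session id on privilege change so a session id
			// known before login cannot be reused afterwards.
			session_regenerate_id(true);
			$_SESSION['buserid'] = $rs['id'];
			$_SESSION['bname'] = $rs['name'];
			// Restrict the update to the account that just logged in; without
			// the WHERE clause every admin row had lasttime/lastip overwritten.
			// NOTE(review): if fetch_alt_ip() reads client-supplied headers,
			// lastip is attacker-influenced - confirm before relying on it.
			$database->execute(sprintf("UPDATE admin SET lasttime = %s, lastip = %s WHERE id = %s", _CONST_TIMENOW, string_sql(fetch_alt_ip()), string_sql($rs['id'])));
			add_log('do_login', 'login', 'login success');
			header("Location:index.php");
			exit();
		}
	}
}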

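// Issue a fresh anti-CSRF token for the form rendered below and remember it
// in the session. The token is 32 hex characters, the same shape md5() gave.
// A token derived only from the current timestamp is guessable, so prefer a
// CSPRNG whenever the runtime provides one.
if (function_exists('random_bytes')) {
	$token = bin2hex(random_bytes(16));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
	$token = bin2hex(openssl_random_pseudo_bytes(16));
} else {
	// Legacy fallback for runtimes without either source: predictable, kept
	// only so the page still renders. Upgrade the runtime to remove it.
	$token = md5(_CONST_TIMENOW);
}
$_SESSION['token'] = $token;

// Stylesheets and scripts requested from the shared header layout.
$css = array('index', 'form');
$js = array();

// Record that the login page was displayed.
add_log('show', 'login');

include_once(_ROOTPATH."backend/layout/_header.php");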

?>
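	<div id="path">
		<ul>
			<li><a href="<?php echo _CONST_WEB_URL ?>"><?php echo _CONST_WEB_NAME?></a></li>
			<li><a href="<?php echo _CONST_BACKEND_URL ?>">Backend</a></li>
			<li>Login</li>
		</ul>
	</div>
	<div id="content">
		<ul id="submenu">
			<li <?php echo iif($action == "", 'class="current"') ?>><a href="<?php echo _CONST_BACKEND_URL ?>login.php" class="button"><span class="login">Login</span></a></li>
		</ul>
<?php /* The display name comes from the admin table; escape it, and print nothing when nobody is logged in. */ ?>
    <span style="margin:7px 10px 2px 50px;" class="l">Current User:<?php echo htmlspecialchars(isset($_SESSION['bname']) ? $_SESSION['bname'] : '', ENT_QUOTES) ?>&nbsp;&nbsp;<?php echo gmdate('D M j, Y h:ia T', _CONST_TIMENOW) ?></span>

		<div class="cr"></div>
		<form action="<?php echo _CONST_BACKEND_URL ?>login.php?action=login" method="post" id="form" class="form border" name="form">
			<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES) ?>" />
			<fieldset>
			<legend><span>Login Information</span></legend>
			<ol>
				<li>
					<label for="name">Username <?php echo show_field_error('name') ?></label>
<?php /* $name is only set after a submission; fall back to '' on the first page view. */ ?>
					<input name="name" type="text" class="text" size="30" maxlength="50" value="<?php echo htmlspecialchars(isset($name) ? $name : '', ENT_QUOTES) ?>" />
				</li>
				<li>
					<label for="pwd">Password <?php echo show_field_error('pwd') ?></label>
<?php /* The submitted password is never written back into the page source. */ ?>
					<input name="pwd" type="password" class="text" size="30" maxlength="50" value="" />
				</li>
			</ol>
			</fieldset>
			<fieldset class="submit">
				<input type="submit" class="button" value="Login" /> <input type="button" value="Cancel" class="button" onclick="location.href='/'"/>
			</fieldset>
		</form>
	</div>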
<?php
// Render the shared backend footer, then end the request so nothing after
// this point in the file can add to the response.
include_once(_ROOTPATH."backend/layout/_footer.php");
exit();